Search to see number of concurrent searches

June 20, 2019•27 words

Courtesy of David Paper

index=_internal earliest=-1h group=search_concurrency host=<search head glob> ("system total") | rex field=_raw mode=sed "s/system total/user=system/g" |eval user=coalesce(user,"system") | timechart max(active_hist_searches) by user

👍❤️🫶👏👌🤯🤔😂😍😭😢😡😮

Subscribe to the author

You'll only receive email when they publish something new.

More from automine
All posts

Splunk clustering status

June 19, 2019•232 words

1: STATUS_UP A peer showing no symptoms will be in the UP state this is the peak of health 2: STATUS_UNSTABLE If a peer shows concerning but tolerable symptoms it will be put in the UNSTABLE state. In this state the peer is still searched but we emit warnings about our symptoms on the bulletin board. Preempts all previous states. Currently symptoms that fall into this are: Clock skew between search head and peer. We get the peer's time from the timestamp on the Http Response headers during...

Read post

List all of your lookups

July 31, 2019•13 words

| rest splunk_server=local /servicesNS/-/-/data/transforms/lookups | fields title eai:appName type filename collection ...

Read post

Search to see number of concurrent searches

More from automineAll posts

Splunk clustering status

List all of your lookups

More from automine
All posts